In the current global economy, almost all of the world's big businesses have to address Internet security issues. In most cases, the overall security plan is designed simply to deter hackers, on the assumption that a good enough deterrent will send them off to find an easier target.
The problem is that there is a new kind of Internet terrorist out there now. In the industry we call them APTs, which stands for advanced persistent threats. This group takes perverse joy in continuing to attack a site until it finds a way through. Welcome to the new world of Internet attacks.
This type of hacker is typically a non-professional, and so is not bound by budget constraints or the need to show quick results. It could very well be the kid next door.
“Such campaigns need not necessarily be backed by enemy states, but may include friendly nations that compete in the global market, and want to promote home-grown enterprises,” he says.
Traditional defences will not deter such attacks because the potential gains for the attackers are so high that they will invest a lot of resources in crafting sophisticated, multi-stage technical attacks, says Shulman.
“The reality is that most organisations balance security requirements with the need to keep the business running, and often the balance is in favour of business continuity,” says Shulman.
Consequently, he says, there is almost always a way to craft attacks that will bypass standard security settings, which is what usually happens with APTs.
How can you defend against such attacks?
What should organisations be doing to defend against APTs? That is the real question. In short, the solution is in the details: you have to pay attention to what is actually happening on your website. Here is what Shulman says:
Carry out a risk analysis. A risk analysis will not only tell an organisation whether it needs to spend time and resources on mitigating APTs, he says, but will also enable it to spend its security budget more cost-effectively, by matching security investments to the level of risk.
Where organisations believe they are at risk of APTs because of the kind of information they hold on their networks, they should immediately establish a process for reviewing all security alerts and attacks, even those that have been blocked.
“Most organisations discard this information. They are happy that their firewalls and anti-malware solutions are blocking threats, and do not look at what their systems are picking up to identify any surges or trends that might be part of an APT campaign,” says Shulman.
Where there is a threat of APTs, he says organisations cannot simply mitigate attacks, but need to keep track of what is happening and monitor and analyse what is being blocked to help refine controls around what they think will be targeted next.
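The review process described above, turning blocked-event logs into trend information instead of discarding them, is sketched below as an added example; it is not code from the article or from Shulman's organisation. The log format, the sample records (a source that keeps probing one resource for days and then spikes), and the thresholds for a "surge" and a "persistent" source are all constructed assumptions for the example; a real deployment would read its firewall or WAF export and tune the thresholds to its own baseline.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample of blocked events (the key=value format is an assumption
# for this example, not any real firewall's or WAF's log format). Blocks from
# one source keep arriving against the same resource for days, then spike.
SAMPLE_LOG = """\
2024-03-01T09:12:01Z action=BLOCK src=203.0.113.10 dst=/hr/payroll rule=sqli
2024-03-01T11:40:22Z action=BLOCK src=192.0.2.44 dst=/login rule=bruteforce
2024-03-02T08:03:15Z action=BLOCK src=203.0.113.10 dst=/hr/payroll rule=path_traversal
2024-03-02T14:51:09Z action=BLOCK src=192.0.2.99 dst=/login rule=bruteforce
2024-03-03T10:27:48Z action=BLOCK src=203.0.113.10 dst=/hr/payroll rule=sqli
2024-03-03T16:05:31Z action=BLOCK src=192.0.2.44 dst=/search rule=xss
2024-03-04T07:58:02Z action=BLOCK src=203.0.113.10 dst=/admin rule=scanner
2024-03-04T12:19:44Z action=BLOCK src=192.0.2.7 dst=/login rule=bruteforce
2024-03-05T02:11:07Z action=BLOCK src=203.0.113.10 dst=/hr/payroll rule=sqli
2024-03-05T02:13:55Z action=BLOCK src=203.0.113.10 dst=/hr/payroll rule=sqli
2024-03-05T02:17:30Z action=BLOCK src=198.51.100.7 dst=/hr/payroll rule=sqli
2024-03-05T02:20:12Z action=BLOCK src=198.51.100.7 dst=/hr/payroll rule=sqli
2024-03-05T03:01:49Z action=BLOCK src=203.0.113.10 dst=/hr/payroll rule=path_traversal
2024-03-05T09:45:00Z action=BLOCK src=192.0.2.44 dst=/login rule=bruteforce
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) action=(?P<action>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) rule=(?P<rule>\S+)$"
)


def parse_events(text):
    """Return the blocked events as dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group("action") != "BLOCK":
            continue
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
        events.append({"day": ts.date(), "src": m.group("src"),
                       "dst": m.group("dst"), "rule": m.group("rule")})
    return events


def daily_counts(events, field):
    """Map each value of `field` (e.g. "dst" or "src") to a Counter of blocks per day."""
    per_key = defaultdict(Counter)
    for e in events:
        per_key[e[field]][e["day"]] += 1
    return per_key


def find_surges(events, ratio=3.0, min_count=3):
    """Targets whose blocks on the latest day reach `min_count` and exceed
    `ratio` times the mean daily count over all earlier days (thresholds are
    assumptions; a zero baseline counts as a surge once min_count is met)."""
    days = sorted({e["day"] for e in events})
    if len(days) < 2:
        return []
    latest, earlier = days[-1], days[:-1]
    surges = []
    for dst, counts in daily_counts(events, "dst").items():
        baseline = sum(counts[d] for d in earlier) / len(earlier)
        current = counts[latest]
        if current >= min_count and (baseline == 0 or current / baseline >= ratio):
            surges.append({"dst": dst, "day": latest, "blocks": current,
                           "baseline": round(baseline, 2)})
    return sorted(surges, key=lambda s: -s["blocks"])


def find_persistent_sources(events, min_days=4):
    """Sources blocked on at least `min_days` distinct days, with the resources
    they went after: repeated, blocked attempts are the signal the article says
    most organisations throw away."""
    result = {}
    for src, counts in daily_counts(events, "src").items():
        if len(counts) >= min_days:
            targets = sorted({e["dst"] for e in events if e["src"] == src})
            result[src] = {"days": len(counts), "targets": targets}
    return result


def review(text):
    """Run both checks over a log export and return the findings."""
    events = parse_events(text)
    return {"surges": find_surges(events),
            "persistent": find_persistent_sources(events)}


if __name__ == "__main__":
    report = review(SAMPLE_LOG)
    for s in report["surges"]:
        print(f"SURGE {s['dst']}: {s['blocks']} blocks on {s['day']} "
              f"(baseline {s['baseline']}/day)")
    for src, info in report["persistent"].items():
        print(f"PERSISTENT {src}: blocked on {info['days']} days, targets {info['targets']}")
```

On the sample data the script reports one surge (/hr/payroll, five blocks on the last day against a baseline of 0.75 per day) and one persistent source (203.0.113.10, blocked on all five days, against /admin and /hr/payroll). Both findings are invisible if each block is treated as a closed incident; they only appear when blocked events are kept and aggregated over time, which is the point of the review process above.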
“If organisations can identify ongoing efforts to break into their network, then they should alert law enforcement agencies and allocate extra resources to protect the information being targeted by attackers,” says Shulman.
An important element of defending against APTs, he says, is maintaining a balance between all areas of security rather than investing most resources in the latest threats.
“IT security professionals must ensure that while they are adding mitigations for new threats, they do not neglect old attack methods, because attackers never do,” says Shulman.
Finally, organisations at risk of APTs, as well as all other organisations, should try to pinpoint the areas of their IT systems and data that are at risk, isolate them as much as possible, and concentrate effort there, rather than trying to create the same high level of protection across the whole network. The latter is usually not practical, says Shulman, as demonstrated by the recent publication of thousands of "sensitive" US government documents.
"Organisations need to define what is core information and enable true control over it, because if they attempt to watch thousands of documents that have been incorrectly classified as 'sensitive,' they are bound to fail," he says.